[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Have I been hacked?

On Sun 11 Jan 2015 at 22:32:39 +0000, Iain M Conochie wrote:

> On 10/01/15 20:31, Brian wrote:
> >By all means advocate and use ssh keys. But at least provide some
> >substantial reason for spurning password login for that particular
> >situation. A blanket "don't use passwords" or "keys are better"
> >doesn't cut it.
> 
> There are 3 (current) factors in authentication:
> 
> 1. What the user knows
> 2. What the user has
> 3. What the user is
> 
> These increase in security as you go higher up the number. So
> (assuming the implementation is secure) my fingerprint (being
> something I am) is more secure than a password. Also, an ssh-key
> (being something I have) is more secure than a password.

Both a password and a key is something the user is in possession of.
A fingerprint (a key, I suppose) is no more "me" than a password. I
may be being dense but I am having difficulties in following your
argument and the distinctions you are trying to make.
 
> In each case we have the _implementation_ to let us down. #1 is up
> to the user whereas #2 and #3 are up to the programmer. Who do you
> trust ;)

Sorry, I do not follow this either.
Reply to: